P.S. I Love You

Valentine’s Day (February 14th) is a day originally named after the two Christian martyrs who died over 1700 years ago. Nowadays, of course, it is a day of love, happiness, and men frantically trying at the last minute to find a florist that still has roses in stock. Since the 19th century’s introduction of greeting cards, Valentine’s Day has become more commercialised, and — for many companies — a huge source of revenue. Not known for being slow on the uptake, the malware industry has for years taken advantage of this holiday to huge effect. With less than a month to go (and with the obvious culprits already jumping the gun), here is short look back down memory lane at the Valentine’s Day malware of the 21st century:

2007: WORM_NUWAR.AAIStorm again the culprit here, with an email containing a large set of subjects. This was before Storm really started to use links to sites with vulnerabilities, so attachments such as Greeting card.exe were the attack vector. An interesting trick used by the malware was to randomly generate the email address in the From field to come from one of the long list of girls’ names… everything from “Aldora” to “Zilya”. Maybe the authors thought that men would be the only ones foolish enough to open the attachment. Judging by the growth of the Storm botnet around that time, it appears they were right.

2006: WORM_BAGLE.EWSpread via email with subjects such as “Will You Be My Valentine?” and “Love you with all my heart!”, this threat also included one of three romantic poems and a background full of images of the classic Valentine’s Day heart to entice the user to open the attached love_me.exe.

2005: WORM_KIPIS.EAnother mass-mailer with all the normal trimmings. Although they had normal attachments with names like Valentine.exe, other names such porno_03.exe were kind of missing the point of the holiday.

2003: TROJ_CUPIDCARD.AThis was actually a piece of adware instead of a mass-mailing worm. In addition to the normal, it would launch a clean file called “VALSDAY.EXE” that showed the following ecard:

2002: VBS_NUMGAME.AWant to play a game? No, its not another awful SAW movie, but a good ol’ fashioned threat from the days before we even thought of the word “cybercrime”. Posing as a number-guessing game (hence the clever name) from your Valentine, this nasty little thing resets your system date…oh, and also deletes the contents of your hard drive.

2001: VBS_VALENTIN.A
Another “old-style threat” with a payload that is triggered on February 14th. All files on an affected machine are overwritten by a Spanish love note written by the malware author who is supposedly professing his love for “Davinia, the most beautiful girl in the world”. The author assures the users not to worry, as their files have not been infected by a virus, but merely “sacrified for the love I feel for Davinia”. Not very comforting to be honest.

So remember folks, although the Storm crew have already got the show on the road, they won’t be the only ones. So if you receive a romantic email over the next couple of weeks from an address you don’t recognise (or from one that you do, for that matter), for your sake I really do hope it’s from the Brad Pitt/Angelina Jolie look-alike who just started last week in the desk opposite yours.

However, it might be a good idea to just play safe and delete that email. After all, if they really did want to be your Valentine, they would be down in the florists frantically trying to buy those last roses.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:

Security Predictions for 2020

Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.Read our security predictions for 2020.

Business Process Compromise

Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more,
read our Security 101: Business Process Compromise.